On Tue, Nov 26, 2019 at 3:39 AM Meelis Roos <mroos@xxxxxxxx> wrote: > > I tried latest (5.4) custom kernel (with UBSAN) on my Dell D600 laptop and found that it exhibits a > UBSAN warning triggered by userspace ioctl. Here is dmesg with anything radeon-related + the warning, and config: > > [ 17.659534] [drm] radeon kernel modesetting enabled. > [ 17.659607] radeon 0000:01:00.0: remove_conflicting_pci_framebuffers: bar 0: 0xe8000000 -> 0xefffffff > [ 17.659609] radeon 0000:01:00.0: remove_conflicting_pci_framebuffers: bar 2: 0xfcff0000 -> 0xfcffffff > [ 17.659613] radeon 0000:01:00.0: vgaarb: deactivate vga console > [ 17.661629] Console: switching to colour dummy device 80x25 > [ 17.667764] [drm] initializing kernel modesetting (RV250 0x1002:0x4C66 0x1028:0x011D 0x01). > [ 17.667822] resource sanity check: requesting [mem 0x000c0000-0x000dffff], which spans more than PCI Bus 0000:00 [mem 0x000d0000-0x000dffff window] > [ 17.667832] caller pci_map_rom+0x6d/0x19a mapping multiple BARs > [ 17.668236] agpgart-intel 0000:00:00.0: AGP 2.0 bridge > [ 17.668246] agpgart-intel 0000:00:00.0: putting AGP V2 device into 4x mode > [ 17.668269] radeon 0000:01:00.0: putting AGP V2 device into 4x mode > [ 17.668291] radeon 0000:01:00.0: GTT: 128M 0xE0000000 - 0xE7FFFFFF > [ 17.668299] radeon 0000:01:00.0: VRAM: 128M 0x00000000E8000000 - 0x00000000EFFFFFFF (32M used) > [ 17.668336] [drm] Detected VRAM RAM=128M, BAR=128M > [ 17.668337] [drm] RAM width 64bits DDR > [ 17.681858] [TTM] Zone kernel: Available graphics memory: 412324 KiB > [ 17.681861] [TTM] Initializing pool allocator > [ 17.681868] [TTM] Initializing DMA pool allocator > [ 17.681905] [drm] radeon: 32M of VRAM memory ready > [ 17.681907] [drm] radeon: 128M of GTT memory ready. > [ 17.681918] [drm] radeon: power management initialized > [ 17.685726] radeon 0000:01:00.0: WB disabled > [ 17.685735] radeon 0000:01:00.0: fence driver on ring 0 use gpu addr 0x00000000e0000000 and cpu addr 0x116c2780 > [ 17.685738] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). > [ 17.685739] [drm] Driver supports precise vblank timestamp query. > [ 17.685755] [drm] radeon: irq initialized. > [ 17.685758] [drm] Loading R200 Microcode > [ 17.788181] [drm] radeon: ring at 0x00000000E0001000 > [ 17.788207] [drm] ring test succeeded in 1 usecs > [ 17.788379] [drm] ib test succeeded in 0 usecs > [ 17.788845] [drm] Panel ID String: 2K077 141X13 > > [ 17.788846] [drm] Panel Size 1024x768 > [ 17.788880] [drm] No TV DAC info found in BIOS > [ 17.788912] [drm] Radeon Display Connectors > [ 17.788913] [drm] Connector 0: > [ 17.788914] [drm] VGA-1 > [ 17.788916] [drm] DDC: 0x60 0x60 0x60 0x60 0x60 0x60 0x60 0x60 > [ 17.788917] [drm] Encoders: > [ 17.788918] [drm] CRT1: INTERNAL_DAC1 > [ 17.788920] [drm] Connector 1: > [ 17.788920] [drm] DVI-D-1 > [ 17.788921] [drm] HPD1 > [ 17.788923] [drm] DDC: 0x64 0x64 0x64 0x64 0x64 0x64 0x64 0x64 > [ 17.788923] [drm] Encoders: > [ 17.788924] [drm] DFP1: INTERNAL_TMDS1 > [ 17.788925] [drm] Connector 2: > [ 17.788925] [drm] LVDS-1 > [ 17.788926] [drm] Encoders: > [ 17.788927] [drm] LCD1: INTERNAL_LVDS > [ 17.788927] [drm] Connector 3: > [ 17.788928] [drm] SVIDEO-1 > [ 17.788929] [drm] Encoders: > [ 17.788929] [drm] TV1: INTERNAL_DAC2 > [ 17.957500] [drm] fb mappable at 0xE8040000 > [ 17.957503] [drm] vram apper at 0xE8000000 > [ 17.957504] [drm] size 1572864 > [ 17.957505] [drm] fb depth is 16 > [ 17.957505] [drm] pitch is 2048 > [ 18.013861] fbcon: radeondrmfb (fb0) is primary device > [ 18.566984] Console: switching to colour frame buffer device 128x48 > [ 18.576250] radeon 0000:01:00.0: fb0: radeondrmfb frame buffer device > [ 18.577844] [drm] Initialized radeon 2.50.0 20080528 for 0000:01:00.0 on minor 0 > [ 64.194226] ================================================================================ > [ 64.194238] UBSAN: Undefined behaviour in drivers/gpu/drm/radeon/r200.c:480:34 > [ 64.194244] shift exponent 4096 is too large for 32-bit type 'int' > [ 64.194248] CPU: 0 PID: 447 Comm: Xorg Not tainted 5.4.0 #16 > [ 64.194249] Hardware name: Dell Computer Corporation Latitude D600 /0X2034, BIOS A16 06/29/2005 > [ 64.194251] Call Trace: > [ 64.194266] dump_stack+0x16/0x19 > [ 64.194272] ubsan_epilogue+0xb/0x29 > [ 64.194274] __ubsan_handle_shift_out_of_bounds.cold+0x26/0x78 > [ 64.194368] ? radeon_cs_packet_next_reloc+0x3c/0x170 [radeon] > [ 64.194403] ? r100_reloc_pitch_offset+0x27/0x140 [radeon] > [ 64.194433] r200_packet0_check.cold+0x5e/0x63 [radeon] > [ 64.194473] ? r200_copy_dma+0x430/0x430 [radeon] > [ 64.194508] r100_cs_parse_packet0+0x53/0xe0 [radeon] > [ 64.194543] r100_cs_parse+0x2de/0x4b0 [radeon] > [ 64.194583] ? r200_copy_dma+0x430/0x430 [radeon] > [ 64.194617] radeon_cs_ioctl+0x305/0x890 [radeon] > [ 64.194626] ? ttm_bo_init_reserved+0x2f0/0x390 [ttm] > [ 64.194662] ? radeon_cs_parser_init+0x550/0x550 [radeon] > [ 64.194689] drm_ioctl_kernel+0x8b/0xd0 [drm] > [ 64.194724] ? radeon_cs_parser_init+0x550/0x550 [radeon] > [ 64.194735] drm_ioctl+0x249/0x4f0 [drm] > [ 64.194740] ? ttm_bo_vm_fault+0xce/0x5a0 [ttm] > [ 64.194774] ? radeon_cs_parser_init+0x550/0x550 [radeon] > [ 64.194780] ? ktime_get_mono_fast_ns+0xbe/0x200 > [ 64.194805] radeon_drm_ioctl+0x40/0x80 [radeon] > [ 64.194829] ? radeon_pmops_resume+0x60/0x60 [radeon] > [ 64.194833] do_vfs_ioctl+0x3fc/0x6b0 > [ 64.194838] ? vm_mmap_pgoff+0x86/0xd0 > [ 64.194845] ? add_sysfs_fw_map_entry+0x8c/0x8c > [ 64.194847] ksys_ioctl+0x37/0x70 > [ 64.194849] sys_ioctl+0x11/0x13 > [ 64.194852] do_fast_syscall_32+0x95/0x240 > [ 64.194857] entry_SYSENTER_32+0xa9/0xfb > [ 64.194859] EIP: 0xb7ef29a9 > [ 64.194862] Code: 5d c3 8d b4 26 00 00 00 00 b8 00 09 3d 00 eb b4 8b 04 24 c3 8b 14 24 c3 8b 1c 24 c3 8b 34 24 c3 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76 > [ 64.194864] EAX: ffffffda EBX: 0000000e ECX: c0206466 EDX: 0145cb10 > [ 64.194866] ESI: 0145c8d0 EDI: c0206466 EBP: 0000000e ESP: bff7a708 > [ 64.194867] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00203292 > [ 64.194869] ================================================================================ Looks like the shift and mask are reversed. Does this patch fix it? Alex
From 500e9aa1379d5a012e42aa70929e2947e4fa3753 Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher@xxxxxxx> Date: Tue, 26 Nov 2019 09:41:46 -0500 Subject: [PATCH] drm/radeon: fix r1xx/r2xx register checker for POT textures Shift and mask were reversed. Noticed by chance. Signed-off-by: Alex Deucher <alexander.deucher@xxxxxxx> --- drivers/gpu/drm/radeon/r100.c | 4 ++-- drivers/gpu/drm/radeon/r200.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/radeon/r100.c b/drivers/gpu/drm/radeon/r100.c index 7089dfc8c2a9..1ccee4e5880e 100644 --- a/drivers/gpu/drm/radeon/r100.c +++ b/drivers/gpu/drm/radeon/r100.c @@ -1826,8 +1826,8 @@ static int r100_packet0_check(struct radeon_cs_parser *p, track->textures[i].use_pitch = 1; } else { track->textures[i].use_pitch = 0; - track->textures[i].width = 1 << ((idx_value >> RADEON_TXFORMAT_WIDTH_SHIFT) & RADEON_TXFORMAT_WIDTH_MASK); - track->textures[i].height = 1 << ((idx_value >> RADEON_TXFORMAT_HEIGHT_SHIFT) & RADEON_TXFORMAT_HEIGHT_MASK); + track->textures[i].width = 1 << ((idx_value & RADEON_TXFORMAT_WIDTH_MASK) >> RADEON_TXFORMAT_WIDTH_SHIFT); + track->textures[i].height = 1 << ((idx_value & RADEON_TXFORMAT_HEIGHT_MASK) >> RADEON_TXFORMAT_HEIGHT_SHIFT); } if (idx_value & RADEON_TXFORMAT_CUBIC_MAP_ENABLE) track->textures[i].tex_coord_type = 2; diff --git a/drivers/gpu/drm/radeon/r200.c b/drivers/gpu/drm/radeon/r200.c index 840401413c58..f5f2ffea5ab2 100644 --- a/drivers/gpu/drm/radeon/r200.c +++ b/drivers/gpu/drm/radeon/r200.c @@ -476,8 +476,8 @@ int r200_packet0_check(struct radeon_cs_parser *p, track->textures[i].use_pitch = 1; } else { track->textures[i].use_pitch = 0; - track->textures[i].width = 1 << ((idx_value >> RADEON_TXFORMAT_WIDTH_SHIFT) & RADEON_TXFORMAT_WIDTH_MASK); - track->textures[i].height = 1 << ((idx_value >> RADEON_TXFORMAT_HEIGHT_SHIFT) & RADEON_TXFORMAT_HEIGHT_MASK); + track->textures[i].width = 1 << ((idx_value & RADEON_TXFORMAT_WIDTH_MASK) >> RADEON_TXFORMAT_WIDTH_SHIFT); + track->textures[i].height = 1 << ((idx_value & RADEON_TXFORMAT_HEIGHT_MASK) >> RADEON_TXFORMAT_HEIGHT_SHIFT); } if (idx_value & R200_TXFORMAT_LOOKUP_DISABLE) track->textures[i].lookup_disable = true; -- 2.23.0
_______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel